I followed the cert-manager tutorial to enable TLS in my k3s cluster. So I modified the letsencrypt-staging issuer file so that it looks like this:
```yaml
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-staging
spec:
  acme:
    # The ACME server URL
    server: https://acme-staging-v02.api.letsencrypt.org/directory
    # Email address used for ACME registration
    email: mail@example.com
    # Name of a secret used to store the ACME account private key
    privateKeySecretRef:
      name: letsencrypt-staging
    # Enable the HTTP-01 challenge provider
    solvers:
    - http01:
        ingress:
          class: traefik
```
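But when I deploy it, I get the error `Failed to verify ACME account: Get "https://acme-staging-v02.api.letsencrypt.org/directory": read tcp 10.42.0.96:45732->172.65.46.172:443: read: connection reset by peer`. But this only happens for the staging ClusterIssuer. The production example from the tutorial works flawlessly. I researched this error and it seems to have something to do with Kubernetes DNS, but I don't know how to test the DNS or any other way to figure out this error.

Tested the Kubernetes DNS and it is up and running, so it must be a cert-manager error, especially since the prod certificate status shows `Ready=True`.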
Answer 0 (score: 1)
So it looks like I ran into the Let's Encrypt rate limits. After waiting a day, the certificate is now working.
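
The question asks how to test DNS or otherwise narrow down this error. The following is an added example, not part of the original question or answer and not cert-manager code: a probe that reports whether fetching the staging directory fails at DNS, TCP, TLS or HTTP (HTTP 429 is the status Let's Encrypt uses for rate limiting). It assumes Python 3 running in a pod on the same cluster network; `classify` and `probe` are hypothetical names.

```python
import socket
import ssl
import urllib.error
import urllib.request
from urllib.parse import urlsplit

# Directory URL from the ClusterIssuer in the question.
STAGING = "https://acme-staging-v02.api.letsencrypt.org/directory"


def classify(exc):
    """Name the layer that failed for an exception raised while fetching the URL."""
    if isinstance(exc, urllib.error.HTTPError):  # the server answered over HTTP
        return "rate-limited" if exc.code == 429 else f"http-{exc.code}"
    if isinstance(exc, urllib.error.URLError) and isinstance(exc.reason, BaseException):
        exc = exc.reason  # urllib wraps socket and TLS errors; unwrap them
    if isinstance(exc, socket.gaierror):
        return "dns"    # name did not resolve: check cluster DNS
    if isinstance(exc, ssl.SSLError):
        return "tls"    # handshake or certificate verification failed
    if isinstance(exc, ConnectionResetError):
        return "reset"  # connection reset by peer, as in the question's error
    if isinstance(exc, (socket.timeout, TimeoutError, ConnectionRefusedError)):
        return "tcp"    # egress blocked or endpoint unreachable
    return "other"


def probe(url=STAGING, timeout=10):
    """Resolve the host, then fetch the directory; report where it stopped."""
    parts = urlsplit(url)
    try:
        infos = socket.getaddrinfo(parts.hostname, parts.port or 443,
                                   type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return {"stage": "dns", "detail": str(exc)}
    addrs = sorted({info[4][0] for info in infos})
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return {"stage": "ok", "addrs": addrs, "status": resp.status}
    except Exception as exc:  # classified and reported, not swallowed
        return {"stage": classify(exc), "addrs": addrs, "detail": str(exc)}


if __name__ == "__main__":
    print(probe())
```

A `dns` result points at cluster DNS, `reset` or `tcp` at the network path between the pod and the ACME endpoint, and `rate-limited` at the ACME server itself.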